In the past week I’ve garnered a lot of press attention from my ongoing research into the Windows shortcut vulnerability. Apparently this has brought my name to the attention of the SEO poisoners who continually target Google.

There were more results than shown here, so I did some poking around to see what they were. The most common poisoning, and the one shown here, leads to some hacked websites that are chock full of tasty keywords for search engine manipulation. None of the sites I investigated had any malicious content themselves; they appear to be using hacked blogs and sites to enhance the search rank of someone who was foolish enough to hire them to increase their Google PageRank.

Another of the poisoned pages redirected to a fake Google results page.

Following the link displayed takes you through a series of redirects, all of which have some sort of affiliate ID number in the URL, landing you eventually at fake Canadian pharmacy websites. The Canadian pharmacy sites are on a rotation so you get a different one each time you click the link.

The attack must be related to insecure versions of WordPress, since the source code shows that the pages were created using WordPress/MU. As you can see, my name is the title of this particular page.

The cat-and-mouse game between the con artists and Google continues. Throughout the day I have watched many of the poisoned results disappear as Google catches on to their techniques and puts them out of commission. Simply because a site is in a Google search result does not make it legitimate. Think before you click and take advantage of the summaries Google provides to determine whether something smells a bit phishy.

About the author

Chester Wisniewski has been involved in the information security space
since the late 1980s. He is currently a Principal Research Scientist in
the Office of the CTO. Chet divides his time between research, public
speaking, writing and attempting to communicate the complexities of
security to the press and public in a way they can understand.
Chester has spoken at RSA, InfoSec Europe, LISA, USENIX, Virus Bulletin
and many Security BSides events around the world in addition to
regularly consulting with NPR, CNN, CBC, The New York Times and other
media outlets.
You can follow Chester on Twitter as @chetwisniewski, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.